package com.ttj;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 *	启动类
 */
@SpringBootApplication
public class TmServerStarter extends WebMvcConfigurerAdapter {
	public static void main(String[] args) {
		SpringApplication.run(TmServerStarter.class, args);
	}

	/**
	 * 垮域
	 */
	@Override
	public void addCorsMappings(CorsRegistry registry) {
		registry.addMapping("/**").allowedOrigins("*").allowCredentials(true)
				.allowedMethods("GET", "POST", "DELETE", "PUT").maxAge(3600);
	}
	
	/**
	 * 权限配置
	 * @author leiwuluan
	 */
	@Configuration
	protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

		
		@Override
		protected void configure(HttpSecurity http) throws Exception {

			http.authorizeRequests()
					.antMatchers(
							"/css/**", "/js/**", "/images/**", "/zui/**", 	// 静态资源 
							"/test/**", 
							"/godownKeeper/**", "/purchaser/**", "/serviceGroup/**","/login/check" // rest 接口Api
							)
					.permitAll();
			http.authorizeRequests().anyRequest().fullyAuthenticated().and()
			.formLogin().loginPage("/login").failureUrl("/login?error")
			.permitAll().and().logout().permitAll();
			

			// http.addFilterBefore(filter, beforeFilter);

		}
	}
}
